diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-16 13:38:15 +0200 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2020-04-21 23:51:12 +0200 |
commit | 3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc (patch) | |
tree | c9c2b2f2d6dd37bc5354cb2c358e728b5b36eddc | |
parent | b9c027da073b27a7bc0782b8e87464d4c10eca13 (diff) | |
download | nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.gz nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.bz2 nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.lz nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.xz nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.zst nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.zip |
rl-2003: Update the release documentation
It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not. (cherry picked from commit 21c4a33ceef77dec2b821f7164e13971862d5575)
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index b0940391b56..62251e0b25b 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root"; As well as this, the options <literal>security.acme.acceptTerms</literal> and either <literal>security.acme.email</literal> or <literal>security.acme.certs.<name>.email</literal> must be set in order to use the ACME module. - Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are - preserved and thus it is possible to roll back to previous versions without breaking certificate - generation. + Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le. + In particular private keys will not be preserved. However, the credentials for simp-le are preserved and + thus it is possible to roll back to previous versions without breaking certificate generation. + Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can + have consequences if you embed your public key in apps. </para> </listitem> <listitem> |